Rapid 7 - What’s New in InsightVM: Q1 2021 in Review
Are you ready to return to the office? At many companies around the world, plans are being put into place for a phased workforce return to physical offices. With big moves come big changes, which inevitably reveal new vulnerabilities. For many across the security landscape, it’s as if hundreds of new workers will have just been hired and they’re all reporting to the office at once. That’s a lot of repositioned assets and potential endpoint-threats.
Not to worry! Rapid7 is constantly updating our products and services to address your changing environments. Here now is a rundown of new features and functionality launched in Q1 2021 for InsightVM and Insight Cloud. We hope you can begin to leverage these changes to drive success across your organization.
Easier for you, harder for attackers
This latest round of new InsightVM features addresses aspects of efficiency and defense. Because keeping your network safe from ever-present threats while ensuring a smooth transition back to the office is the name of the game.
At a glance (or click)
We continue to hear feedback from teams that properly communicating their vulnerability management progress to stakeholders is a constant issue. Executives know it’s imperative that there is a program in place, but often misunderstand or are simply confused when attempting to discern the fruits of their security organization’s labor. The “Executive Report Summary” in InsightVM has expanded its functionality so that users can now filter the report for an at-a-glance view of hot-ticket items around which they might want to communicate a specific story.
Additionally, 2 streamlined login experiences are now available. “InsightVM Platform Login” eliminates the need to maintain multiple credential sets and authentication methods for varying parts of the platform. Users can now access both console- and cloud-based features in a single location. This update makes it easier to leverage the full functionality of InsightVM, and moves the experience closer to cloud nativity by providing one access point at insight.rapid7.com. Learn more here.
“Service Provider (SP) Initiated Login” helps Insight Cloud users maintain compliance with existing authentication policies. It presents them with an opportunity to use the single sign-on source already configured in their Insight Platform company settings. Learn more here.
Identify and remediate faster
InsightVM users also can now leverage existing infrastructure to respond faster to the latest threats and get broader coverage of potential threats. “Metasploit Remote Check Service” enhances remote vulnerability coverage capabilities on existing scan engines, which will run safe versions of Metasploit modules to perform checks. Security teams will be able to get into the minds of threat actors by quickly and easily scanning for low-hanging vulnerabilities. The beta version of this service will include 8 new remote vulnerability checks that focus on developer misconfigurations.
But why stop there? The new “Significant Changes in the Last 30 Days” dashboard in InsightVM does way more than simply provide a snapshot of, well, significant changes in the last 30 days. From this dashboard, differences are highlighted, with users then able to pivot those findings directly into a remediation project. Teams can run queries by:
- Assets
- Non-critical vulnerabilities
- Critical vulnerabilities
These queries will filter dashboard cards so teams can obtain a clearer picture of specific data. For instance, the “Total Asset Trends” card shows the number of assets in an environment and the percentage of increase in the last 30 days. The “Number of Exploitable Critical Vulnerabilities Found in the Last 30 Days” card allows users to further zoom into vulnerabilities that may be time-sensitive as far as likelihood of being attacked.
Identifying and reducing risk is a constant struggle, which is why we’re always looking for new ways to help you do it all faster.
What’s improved?
Cutting down on asset redundancies is one way to help create happier security teams. That’s why we improved InsightVM’s asset-correlation methodology. As a memory-jog, asset linking assimilates multiple scans—if coming from different sites—of the same asset. It ensures that this overlapping scan data will correlate and integrate as one asset, and is ideal in cases where sites are configured based on varying asset categories.
Previously, users had to manually enable asset linking when an Insight Agent was present on an endpoint. Now, assets are automatically correlated where an agent is present. Read more here.
What’s coming?
As always, we’ll wrap up with a new-feature preview mode: Kubernetes now integrates with InsightVM to extend container security! Discover containers deployed in environments, monitor containers running specific images, and map vulnerabilities within those images to running containers. This will help teams increase overall awareness so they can monitor and prioritize vulnerabilities accordingly. Opt in now to enhance InsightVM’s visibility across the container lifecycle.
Haven’t read the Rapid7 2020 Vulnerability Intelligence Report? Refresh yourself with a deep-dive into some of the top exploitation trends from the last year.
Until next time...
from Rapid7 Blog https://blog.rapid7.com/2021/04/26/whats-new-in-insightvm-q1-2021-in-review/
Comments
Post a Comment